MacRumors

macrumors bot

Uber suffered a massive data breach last year that exposed the personal data of 57 million customers and drivers, reports Bloomberg. The attack occurred in October of 2016 and included personal information from 50 million Uber riders and 7 million Uber drivers.

Two hackers reportedly accessed a private GitHub repository used by Uber's software engineers and then used those credentials to breach an Amazon Web Services account that contained an archive of rider and driver information.

Email addresses and phone numbers were stolen from riders, while hackers were able to obtain email addresses, phone numbers, and driver's license numbers from drivers. Uber says social security numbers and trip location data were not accessed in the attack.

Rather than disclosing the attack when Uber learned of it in November of 2016, the company instead paid hackers $100,000 to delete the data and keep quiet about the breach. Uber did not disclose the identity of the hackers, but did say it believes the information was not used or otherwise sold.

Uber's new CEO, Dara Khosrowshahi, says the attack and the coverup should not have happened, and that Uber is "changing the way we do business." Khosrowshahi says he is aiming to change the way Uber operates, and as part of that effort, Uber informed the FTC and attorney general about the attack this morning.

"At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals," Khosrowshahi said. "We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts."

Uber's efforts to conceal the hack were led by chief security officer Joe Sullivan, who has been ousted from the company. Uber also let go of Craig Clark, a senior lawyer who worked with Sullivan.

In light of the attack, Uber has hired Matt Olsen, who previously served as general counsel at the National Security Agency. Uber says Olsen will help the company restructure its security teams.

Article Link: Hackers Stole Data From 57 Million Uber Drivers and Customers, Uber Paid $100K to Hide Attack
 

Watabou

Uber's efforts to conceal the hack were led by chief security officer Joe Sullivan, who has been ousted from the company. Uber also let go of Craig Clark, a senior lawyer who worked with Sullivan.

The blame doesn’t just lie with those two. How did the rest of Uber’s upper management not notice why they paid $100K?
 

Doctor Q

Can you trust hackers not to use (i.e., sell) the data they stole, even if you pay them? If they take your data, take your money, AND use the data, should you take them to court or offer them more money?

Note to self: Perhaps it's not a great idea to store your internal passwords in your GitHub account.
 

kdarling

Sure, but you're not going to defend Uber paying the hackers $100k to hide it, are you? It's as shady as it gets. If they were upfront and honest about the hack I might have forgiven them.

If Uber hadn't paid, then the hackers would've sold the info to people up to no good.

Which would you prefer? Lots of publicity with your info sold, or no publicity and your info safe?
 

patent10021

Unfortunately I think Uber will soon be operating in Vancouver, Canada. I'd much rather see Didi, Grab or Lyft in Vancouver than Uber. Didi drivers and company are awesome.
 